[Openid-specs-ab] Issue #1406: SIOPv2 - Clause 5 - Para 1 - Last sentence: "The ID Token MAY include claims about the End-User." (openid/connect)
Nat
issues-reply at bitbucket.org
Fri Jan 21 07:08:44 UTC 2022
New issue 1406: SIOPv2 - Clause 5 - Para 1 - Last sentence: "The ID Token MAY include claims about the End-User."
https://bitbucket.org/openid/connect/issues/1406/siopv2-clause-5-para-1-last-sentence-the
Nat Sakimura:
ID Tokens always include claims about the End-User. All of the following are REQUIRED claim in ID Token.
* iss
* sub
* aud
* exp
* iat
ID Token can obviously include other claims as well. So, I am not sure why this normative MAY is here. It probably just suffice to note that it is possible to include other claims, including ecosystem defined claims, in the ID Token and just refer Section 2 of OIDC Core.
More information about the Openid-specs-ab
mailing list